From patchwork Tue Oct 14 13:07:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9199 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cmF062km1z3xNb for ; Tue, 14 Oct 2025 13:08:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cmF040TNKz41N for ; Tue, 14 Oct 2025 13:08:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cmDzy6bWKz33Bw for ; Tue, 14 Oct 2025 13:08:30 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cmDzq64JBz3314 for ; Tue, 14 Oct 2025 13:08:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cmDzq1V7dz3cP; Tue, 14 Oct 2025 13:08:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1760447303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=28LszM0F9ZKTKDETAJHM7a7cgu5jfSgBVxoDssyA0OA=; b=aqWQxucnODZDyle2MkorLQ18iga7VgxstH2H41Sv7Zo8Zd1/LhXy4ud/b+WXV61/31qXsC EtSXcT6ELSy9/lDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1760447303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=28LszM0F9ZKTKDETAJHM7a7cgu5jfSgBVxoDssyA0OA=; b=uAX5iakTqLIqsOL8gJYGdmGYI+W4bHF2varUto9VlCLj1j+IwSE37PW+XeeVxACvvyWko/ LQmy4JEsn0bwiXzc98ZOGZe7iQNLEj71NaRNpoI2XWd2ccj/2s98R2pPDZAkz3GPVpPoX/ 9PciFplCc6pUlJPYu5EgUM/IZodiSFd5PmCiiq/i7ieSSxwKGvkE+/bC8UHGaL5ILThgKG FpxSzU16X9Q9W0qXlztr1KRY4fvM+wgYBuCudEjKm4kGDc1Zc/Fx8Sm+iHwhQ8E/Bohv93 F0BmMWgPSmQzoJW6aBIsLXJapZifUS8sDu5q9kV3PpeWla4w5kTlmT8sS25/fQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/2] openssh: Update to version 10.2p1 Date: Tue, 14 Oct 2025 15:07:58 +0200 Message-ID: <20251014130807.3469514-6-adolf.belka@ipfire.org> In-Reply-To: <20251014130807.3469514-1-adolf.belka@ipfire.org> References: <20251014130807.3469514-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 10.0p1 to 10.2p1 - No change to rootfile - Changelog 10.2p1 Future deprecation warning * A future release of OpenSSH will deprecate support for SHA1 SSHFP records due to weaknesses in the SHA1 hash function. SHA1 SSHFP DNS records will be ignored and ssh-keygen -r will generate only SHA256 SSHFP records. The SHA256 hash algorithm, which has no known weaknesses, has been supported for SSHFP records since OpenSSH 6.1, released in 2012. Bugfixes * ssh(1): fix mishandling of terminal connections when ControlPersist was active that rendered the session unusable. bz3872 * ssh-keygen(1): fix download of keys from PKCS#11 tokens. * ssh-keygen(1): fix CA signing operations when the CA key is held in a ssh-agent(1). bz3877 10.1p1 Future deprecation warning * A future release of OpenSSH will deprecate support for SHA1 SSHFP records due to weaknesses in the SHA1 hash function. SHA1 SSHFP DNS records will be ignored and ssh-keygen -r will generate only SHA256 SSHFP records. The SHA256 hash algorithm, which has no known weaknesses, has been supported for SSHFP records since OpenSSH 6.1, released in 2012. Potentially-incompatible changes * ssh(1): add a warning when the connection negotiates a non-post quantum key agreement algorithm. This warning has been added due to the risk of "store now, decrypt later" attacks. More details at https://openssh.com/pq.html This warning may be controlled via a new WarnWeakCrypto ssh_config option, defaulting to on. This option is likely to control additional weak crypto warnings in the future. * ssh(1), sshd(8): major changes to handling of DSCP marking/IPQoS In both client and server the default DSCP (a.k.a IPQoS) values were revised and the way these values are used during runtime has changed. Interactive traffic is now assigned to the EF (Expedited Forwarding) class by default. This provides more appropriate packet prioritisation information for the intermediate network, such as wireless media (cf. RFC 8325). Non-interactive traffic will now use the operating system default DSCP marking. Both the interactive and non-interactive DSCP values may be overridden via the IPQoS keyword, described in ssh_config(5) and sshd_config(5). The appropriate DSCP marking is now automatically selected and updated as needed over the course of a connection's lifetime. ssh(1) and sshd(8) will switch between the interactive and non-interactive IPQoS values depending on the type of SSH channels open at the time. For example, if an sftp session is using the connection alongside a shell session, then the non- interactive value will be used for the duration of the sftp. A connection which contains only interactive sessions is marked EF. * ssh(1), sshd(8): deprecate support for IPv4 type-of-service (ToS) keywords in the IPQoS configuration directive. Type of Service (ToS) was deprecated in the late nineties and replaced with the Differentiated Services architecture, which has significant advantages for operators because it offers more granularity. OpenSSH switched its default IPQoS from ToS to DSCP values in 2018 (openssh-7.7). IPQoS configurations with 'lowdelay', 'reliability', or 'throughput' will be ignored and will instead use the system default QoS settings. Additionally, a debug message will be logged about the deprecation with a suggestion to use DSCP QoS instead. * ssh-add(1): when adding certificates to an agent, set the expiry to the certificate expiry time plus a short (5 min) grace period. This will cause the agent to automatically remove certificates shortly after they expire. A new ssh-add -N option disables this behaviour. * All: remove experimental support for XMSS keys. This was never enabled by default. We expect to implement a new post-quantum signature scheme in the near future. * ssh-agent(1), sshd(8): move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). This ensures processes that have restricted filesystem access that includes /tmp do not ambiently have the ability to use keys in an agent. Moving the default directory has the consequence that the OS will no longer clean up stale agent sockets, so ssh-agent now gains this ability. To support $HOME on NFS, the socket path includes a truncated hash of the hostname. ssh-agent will, by default, only clean up sockets from the same hostname. ssh-agent(1) gains some new flags: -U suppresses the automatic cleanup of stale sockets when it starts. -u forces a cleanup without keeping a running agent, -uu forces a cleanup that ignores the hostname. -T makes ssh-agent put the socket back in /tmp. Security * ssh(1): disallow control characters in usernames passed via the commandline or expanded using %-sequences from the configuration file, and disallow \0 characters in ssh:// URIs. If an ssh(1) commandline was constructed using usernames or URIs obtained from an untrusted source, and if a ProxyCommand that uses the %r expansion was configured, then it may be possible for an attacker to inject shell expressions that may be executed when the proxy command is started. We strongly recommend against using untrusted inputs to construct ssh(1) commandlines. This change also relaxes the validity checks in one small way: usernames supplied via the configuration file as literals (i.e. that have no % expansion characters) are not subject to these validity checks. This allows usernames that contain arbitrary characters to be used, but only via configuration files. This is done on the basis that ssh's configuration is trusted. New features * ssh(1), sshd(8): add SIGINFO handlers to log active channel and session information. * sshd(8): when refusing a certificate for user authentication, log enough information to identify the certificate in addition to the reason why it was being denied. Makes debugging certificate authorisation problems a bit easier. * ssh(1), ssh-agent(1): support ed25519 keys hosted on PKCS#11 tokens. * ssh(1): add an ssh_config(5) RefuseConnection option that, when encountered while processing an active section in a configuration, terminates ssh(1) with an error message that contains the argument to the option. This may be useful for expressing reminders or warnings in config files, for example: Match host foo RefuseConnection "foo is deprecated, use splork instead" * sshd(8): make the X11 display number check relative to X11DisplayOffset. This will allow people to use X11DisplayOffset to configure much higher port ranges if they really want, while not changing the default behaviour. * unit tests: the unit test framework now includes some basic benchmarking capabilities. Run with "make UNITTEST_BENCHMARK=yes" on OpenBSD or "make unit-bench" on Portable OpenSSH. Bugfixes * sshd(8): fix mistracking of MaxStartups process exits in some situations. At worst, this could cause all MaxStartups slots to fill and sshd to refuse new connections. * ssh(1): fix delay on X client startup when ObscureKeystrokeTiming is enabled. bz#3820 * sshd(8): increase the maximum size of the supported configuration from 256KB to 4MB, which ought to be enough for anybody. Fail early and visibly when this limit is breached. bz3808 * sftp(1): during sftp uploads, avoid a condition where a failed write could be ignored if a subsequent write succeeded. This is unlikely but technically possible because sftp servers are allowed to reorder requests. * sshd(8): avoid a race condition when the sshd-auth process exits that could cause a spurious error message to be logged. * sshd(8): log at level INFO when PerSourcePenalties actually blocks access to a source address range. Previously this was logged at level VERBOSE, which hid enforcement actions under default config settings. * sshd(8): GssStrictAcceptor was missing from sshd -T output; fix * sshd(8): Make the MaxStartups and PerSourceNetBlockSize options first-match-wins as advertised. bz3859 * ssh(1): fix an incorrect return value check in the local forward cancellation path that would cause failed cancellations not to be logged. * sshd(8): make "Match !final" not trigger a second parsing pass of ssh_config (unless hostname canonicalisation or a separate "Match final" does). bz3843 * ssh(1): better debug diagnostics when loading keys. Will now list key fingerprint and algorithm (not just algorithm number) as well as making it explicit which keys didn't load. * All: fix a number of memory leaks found by LeakSanitizer, Coverity and manual inspection. * sshd(8): Output the current name for PermitRootLogin's "prohibit-password" in sshd -T instead of its deprecated alias "without-password". bz#3788 * ssh(1): make writing known_hosts lines more atomic by writing the entire line in one operation and using unbuffered stdio. Usually writes to this file are serialised on the "Are you sure you want to continue connecting?" prompt, but if host key checking is disabled and connections were being made with high concurrency then interleaved writes might have been possible. Portability * sshd(8): check the username didn't change during the PAM transactions. PAM modules can change the user during their execution, but this is not supported by sshd(8). If such a case was incorrectly configured by the system administrator, then sshd(8) could end up using a different username to the one authorised by PAM. * sshd(8): don't log audit messages with UNKNOWN hostname to avoid slow DNS lookups in the audit subsystem. * All: when making a copy of struct passwd, ensure struct fields are non-NULL. Android libc can return NULL pw_gecos, for example. * All: Remove status bits from OpenSSL >=3 version check. * sshd(8), ssh(1): Use SSH_TUN_COMPAT_AF on FreeBSD. Otherwise tun forwarding from other OSes fails as soon as the first IPv6 message is sent by the other side (which is usually a Router Solicitation ICMPv6 message which is sent as soon as the interface is up). * ssh(1), ssh-agent(8): check for nlist function presence before attempting to use it instead of relying on the presence of the nlist.h header. Mac OS X, for example, has the header but not the function in the 64bit libraries. * All: fill in missing system header files. Create replacement header files inside openbsd-compat for common headers that are missing on a given platform. Usually these are just empty, but in some cases they'll include the equivalent file. This avoids having to wrap those includes in '#ifdef HAVE_FOO_H' and reduces the diff between Portable OpenSSH and OpenBSD. * sshd(8): handle futex_time64 properly in seccomp sandbox Previously we only allowed __NR_futex, but some 32-bit systems apparently support __NR_futex_time64. We had support for this in the sandbox, but because of a macro error only __NR_futex was allowlisted. * Add contrib/gnome-ssh-askpass4 for GNOME 40+ using the GCR API. * sshd(8): let ga_init() fail gracefully if getgrouplist does. Apparently getgrouplist() can fail on OSX when passed a non-existent group name. Other platforms seem to return a group list consisting of the numeric gid passed to the function. bz3848 * ssh-agent(1): exit 0 from SIGTERM under systemd socket-activation, preventing a graceful shutdown of an agent via systemd from incorrectly marking the service as "failed". * build: wrap some autoconf macros in AC_CACHE_CHECK. This allows skipping/overriding the OSSH_CHECK_CFLAG_COMPILE and OSSH_CHECK_CFLAG_LINK macros used to discover supported compiler or linker flags. E.g. $ ./configure ossh_cv_cflag__fzero_call_used_regs_used=no [...] checking if cc supports compile flag -fzero-call-used-regs=used and linking succeeds... (cached) no Signed-off-by: Adolf Belka --- lfs/openssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 46151228c..bdaa19c9d 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 10.0p1 +VER = 10.2p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4ce353adf75aade8f4b2a223ad13e2f92cd23d1e60b4ee52bad0eaf036571229438cd9760dfa99c0e10fa09a8ac47b2bfb04eb183fb7b9287ac564ec75316a75 +$(DL_FILE)_BLAKE2 = 8c031b10b1642e21b46f7d1db84ba42692e378a54af3d8e5b5c8706c3a0a06d442a02ed8803063121e7ff325ea275cad4432b9eaa6a7f47a4d7cfad504953ab6 install : $(TARGET)